The RFC3012bis draft provides functionality for reply protection between the Mobile and the Foreign Agent in addition to authentication extension support provided by RFC 3344. The terminology "MUST" mandates having the functionality supported by this draft at each Mobile Node and Foreign Agent. This will cause an issue of interoperability if these entities are just RFC 3344 compliant. If the Mobile Node doesn't have security association with the Foreign Agent but it is capable of supporting Challenge extension, the use of "SHOULD" is better over the use of "MAY".
This is a clarification note and hence does not require any changes in draft RFC3012bis